[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2018-03-21 Thread Launchpad Bug Tracker
This bug was fixed in the package systemd - 234-2ubuntu12.3 --- systemd (234-2ubuntu12.3) artful; urgency=medium [ Dimitri John Ledkov ] * Fix test-functions failing with Ubuntu units. LP: #1750608 * tests: switch to using ext4 by default, instead of ext3. LP: #1750608 * Fix

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2018-03-20 Thread Dimitri John Ledkov
Using test software from pkeys(7) manpage, modified to use PROT_WRITE | PROT_EXEC, created systemd unit that tries to use memory protection, and started it as a systemd unit. Thus calling: status = pkey_mprotect(buffer, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC, pkey); if (status == -1)

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2018-02-22 Thread Brian Murray
Hello Thomas, or anyone else affected, Accepted systemd into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/234-2ubuntu12.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2018-02-20 Thread Dimitri John Ledkov
** Description changed: + [Impact] + + * MemoryDenyWritePolicy can be bypassed by using a slightly different + syscall. + + [Test Case] + + * Check that MemoryDenyWritePolicy, blocks pkey_mprotect as well as + mprotect. + + [Regression Potential] + + * Upstream fix cherrypick, security

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2018-02-20 Thread Dimitri John Ledkov
** Changed in: systemd (Ubuntu Zesty) Status: New => Won't Fix ** Changed in: systemd (Ubuntu Xenial) Status: New => Invalid ** Changed in: systemd (Ubuntu Artful) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2017-11-29 Thread Launchpad Bug Tracker
This bug was fixed in the package systemd - 235-3ubuntu2 --- systemd (235-3ubuntu2) bionic; urgency=medium * systemd-fsckd: Fix ADT tests to work on s390x too. systemd (235-3ubuntu1) bionic; urgency=medium * Merge 235-3 from debian: - Drop UBUNTU-CVE-2017-15908 included in

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2017-11-21 Thread Dimitri John Ledkov
** Changed in: systemd (Ubuntu Bionic) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1725348 Title: Systemd - Bypassing MemoryDenyWriteExecution policy To

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2017-11-14 Thread Martin Pitt
Patches backported into Debian packaging git: https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=9bba5469f2b95ea9

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2017-11-13 Thread zbyszek
Upstream commits: https://github.com/systemd/systemd/commit/b835eeb4ec1dd122b6feff2b70881265c529fcdd https://github.com/systemd/systemd/commit/91691f1d3e3c66122fd0fc564ea3f20f566c2698 https://github.com/systemd/systemd/commit/213f2883c006d785e033597d2f46a110d85eb54b

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2017-11-13 Thread Ubuntu Foundations Team Bug Bot
The attachment "0001-shared-seccomp-disallow-pkey_mprotect-the-same-as-mp.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2017-11-13 Thread Dimitri John Ledkov
** Also affects: systemd (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Zesty) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Artful)

[Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

2017-11-13 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security